Cyber Threats in Education and What to Do About Them

Pam AulakhNovember 21, 2024

The top target for ransomware attacks isn’t the healthcare industry or the critical infrastructure as many may assume. It is education, particularly K–12 institutions. Different studies found a dramatic increase in the number of attacks against schools, jumping from 129 in 2022 to 265 in 2023.1,2

The education sector is a data treasure trove of personal information belonging to students, educators, parents, and alumni—ranging from Social Security numbers to credit cards numbers. The PII of children is especially attractive to threat actors because no one is running credit checks or using that information until they want a driver’s license or try to rent an apartment after graduating. By then, unfortunately, their identity could be compromised an untold number of times.

The Reasons Behind the Rise in Cyberattacks against Schools

The vast amount of valuable data is why schools have shot up to number one on threat actors’ target lists, but it isn’t the only reason why education is seeing an increase in cyberattacks.

There is a greater reliance on technology even for the youngest children. Students are given computers and tablets to use both in school and at home—adding thousands of devices to the network and thousands of users who are untrained in basic cybersecurity hygiene.

School districts also traditionally have understaffed IT and cybersecurity teams, often spread out across different schools. Many have an aging infrastructure, poorly equipped to handle the more sophisticated and faster technology used by students and faculty.

Today’s school children live online, and threat actors know it. Social engineering tactics lure kids to watch videos on YouTube or TikTok and phishing emails lure them into making mistakes that launch malware into the school network.

Should Schools Pay Ransomware Payments?

Nearly half of schools hit by ransomware have paid to recover their data.3 But should they?

No, say the FBI and CISA. Payment doesn’t guarantee data will be released, and threat actors are increasingly holding data for multiple ransoms even after they are paid. There is also concern of subsequent ransomware attacks if the threat actors know they’ll get paid.

However, because of the nature of the data that is stolen, there are many district administrators who think the chance of recovery is worth the payment.

Educational Institutions Respond

Thanks to a number of government resources available, schools have access to the information needed to respond to cyber threats.4 This includes:

  • User cybersecurity education for all levels. There should be regular security awareness training for teachers and staff. In the classrooms, children should have grade-appropriate education about what they should and should not do on their devices.
  • End point protection. All devices and applications should require MFA or biometric authentication. Cybersecurity software that offers secure gateways, firewalls, and cloud security should be available.
  • Third-party services. Using MSSPs to manage the infrastructure and security issues like updates and patches covers the gaps of a small IT staff.

Addressing Security in the Age of AI

AI is creating new security risks for education, and school leaders are unsure how to address the increased use of generative AI by students and faculty. They aren’t alone; all industries are grappling with how to use AI in secure ways, but education is the only industry where the majority of users are under 18. How to handle privacy concerns or misinformation in generative AI is something that will need to become a top issue as schools continue to discuss their overall cybersecurity plans.

Cyberattacks are on the rise in the education sector, targeting the most vulnerable members of society. Schools must take greater steps to address the threats, as well as the immediate and future impacts of a data breach on students. 

How Connection Can Help

Connection is your partner for cybersecurity solutions and services. From hardware and software to consulting and customized solutions, we’re leading the way in education cybersecurity and solutions. 

Explore our Solutions and Services

Cybersecurity

K-12 Education Technology

Modern Infrastructure

Reach out to one of our Connection experts today:

Contact Us
1.800.998.0067

___

  1. Sophos, The State of Ransomware in Education 2023
  2. ThreatDown, 2024 State of Ransomware in Education: 92% Spike in K-12 Attacks
  3. K12 Dive, Nearly Half of K-12 Providers Hit by Ransomware Paid to Have Data Restored
  4. REMS, Cybersecurity Preparedness for K-12 Schools and Institutions of Higher Education

Pamela Aulakh is the K–12 Vertical Alliance Manager for Connection. In her role as an education strategist, she works with districts across the nation to help develop and implement K–12 educational technology solutions in support of improving learning environments and student outcomes. After spending more than a decade as an educator, instructional technology leader, and project manager, Pam understands the importance of leveraging solutions and funding to support equity-based technology programs and structures. Her expertise includes developing innovation portfolios that integrate STEM and Maker programs.

Read Next
TechSperience Episode 130: AI in Manufacturing–Productivity at the Point of Use
Understanding the Impact of SQL Server 2022 Licensing Changes and How Connection SAM Services Can Help
TechSperience Episode 129: Boosting Workplace Productivity with Embedded AI
The Importance of Embedded AI PCs in Manufacturing
Boosting Cybersecurity for Schools and Libraries: A New FCC Program
© PC CONNECTION, INC. ALL RIGHTS RESERVED.